spatial operations must be KILL-able
Bug #809849 reported by
Philip Stoev
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MariaDB |
Fix Released
|
Undecided
|
Alexey Botchkov |
Bug Description
Spatial operations can be very CPU intensive, and they are not killable using KILL if they do not use any table rows. This causes the following problems:
- The RQG can not terminate randomly-generated spatial expressions that take too long to calculate, causing the test to block until the expression is calculated;
- It is possible to DoS a server using a spatial expression. No table or update rights are required -- just the ability to connect to the server are required;
- trying to work around the limitations of SQL and the OpenGIS model via application-side logic or CONCAT tricks may produce a query that does not use any tables and is thus unkillable.
Related branches
Changed in maria: | |
milestone: | none → 5.3 |
assignee: | nobody → Alexey Botchkov (holyfoot) |
Changed in maria: | |
milestone: | 5.3 → none |
Changed in maria: | |
milestone: | none → 5.3 |
Changed in maria: | |
status: | New → Fix Committed |
Changed in maria: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.